From e3dc7d46e15d97f8bd008acf3489d5e6c22b8daa Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 21 Feb 2016 14:23:24 +0100
Subject: CSP: Use inline JSON instead of one-time cookie

Simpler, lighter
https://github.com/FreshRSS/FreshRSS/issues/1075
---
 p/scripts/main.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'p/scripts')

diff --git a/p/scripts/main.js b/p/scripts/main.js
index 31b07721a..f07cdafd7 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -1245,10 +1245,10 @@ function init_configuration_alert() {
 	});
 }
 
-function parseJavaScriptCookie() {
-	var vars = decodeURIComponent(document.cookie.replace(/(?:(?:^|.*;\s*)FreshRSS-vars\s*\=\s*([^;]*).*$)|^.*$/, "$1"));
-	document.cookie = 'FreshRSS-vars=; expires=Thu, 01 Jan 1970 00:00:00 GMT';
-	var json = JSON.parse(vars);
+function parseJsonVars() {
+	var jsonVars = document.getElementById('jsonVars'),
+		json = JSON.parse(jsonVars.innerHTML);
+	jsonVars.outerHTML = '';
 	window.context = json.context;
 	window.shortcuts = json.shortcuts;
 	window.url = json.url;
@@ -1264,7 +1264,7 @@ function init_all() {
 		window.setTimeout(init_all, 50);
 		return;
 	}
-	parseJavaScriptCookie();
+	parseJsonVars();
 	init_notifications();
 	init_confirm_action();
 	$stream = $('#stream');
-- 
cgit v1.2.3